tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-10 21:43:53 +02:00
Code Issues Projects Releases Wiki Activity
6022012481
silverstripe-framework/docs/en/02_Developer_Guides/09_Security/03_Authentication.md
David Alexander 903379bde2 DOCS 3.2 : fixing api: links now that api: tag parser working 
fixed a couple of external links

fixed a docs link
2016-02-17 18:02:38 -07:00

50 lines
3.4 KiB
Markdown
Raw Blame History

title: Authentication
summary: Explains SilverStripe's Authentication options and custom authenticators.
# Authentication
By default, SilverStripe provides a [api:MemberAuthenticator] class which hooks into its own internal
authentication system.
The main login system uses these controllers to handle the various security requests:
[api:Security] - Which is the controller which handles most front-end security requests, including logging in, logging out, resetting password, or changing password. This class also provides an interface to allow configured [api:Authenticator] classes to each display a custom login form.
[api:CMSSecurity] - Which is the controller which handles security requests within the CMS, and allows users to re-login without leaving the CMS.
## Member Authentication
The default member authentication system is implemented in the following classes:
[api:MemberAuthenticator] - Which is the default member authentication implementation. This uses the email and password stored internally for each member to authenticate them.
[api:MemberLoginForm] - Is the default form used by `MemberAuthenticator`, and is displayed on the public site at the url `Security/login` by default.
[api:CMSMemberLoginForm] - Is the secondary form used by `MemberAuthenticator`, and will be displayed to the user within the CMS any time their session expires or they are logged out via an action. This form is presented via a popup dialog, and can be used to re-authenticate that user automatically without them having to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content.
## Custom Authentication
Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the
following base classes:
[api:Authenticator] - The base class for authentication systems. This class also acts as the factory to generate various login forms for parts of the system. If an authenticator supports in-cms reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods.
[api:LoginForm] - which is the base class for a login form which links to a specific authenticator. At the very least, it will be necessary to implement a form class which provides a default login interface. If in-cms re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form could be extended to require confirmation of username as well as password.
## Default Admin
When a new SilverStripe site is created for the first time, it may be necessary to create a default admin to provide
CMS access for the first time. SilverStripe provides a default admin configuration system, which allows a username
and password to be configured for a single special user outside of the normal membership system.
It is advisable to configure this user in your `_ss_environment.php` file outside of the web root, as below:
:::php
// Configure a default username and password to access the CMS on all sites in this environment.
define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
define('SS_DEFAULT_ADMIN_PASSWORD', 'password');
When a user logs in with these credentials, then a [api:Member] with the Email 'admin' will be generated in
the database, but without any password information. This means that the password can be reset or changed by simply
updating the `_ss_environment.php` file.
Reference in New Issue View Git Blame Copy Permalink